As industry and government assess the use of the cloud for the storage of data and the hosting of everything from infrastructure to applications, we are all working diligently to provide cloud encryption and make the cloud secure. But I want to take a step back and ask a possibly redundant question: What makes us believe we can make the cloud secure?
To find the answer, we should consider whether we have ever faced a challenge that is similar to securing the cloud; if so, we must examine the outcome. What was the approach to security? What was the presumptive theory that was the basis of the security strategy? Are we reinventing the wheel, or is there something from history that can tell us we should consider a different direction?
One way to tell whether cloud solutions are likely to be secure is to view them from the perspective of a historical linguist and cryptographer of the 19th century.
Look to Kerckhoffs for Cloud Encryption
Auguste Kerckhoffs was a Dutch linguist and cryptographer who lived in the 19th century and wrote an essay entitled “La Cryptographie Militaire” (Military Cryptography). Within this essay and other articles, he set out six principles that a practical cipher design should satisfy. One such principle, now known as Kerckhoffs’ principle, states that “the design of a system should not require secrecy, and compromise of the system should not inconvenience the correspondence.”
In other words, a secure system does not have to be secret to be secure. The only thing that should give a user access to the information within the system should be the key.
Think about that. If Kerckhoffs was correct — he presumably was and still is — it means that, in order for the cloud to be secure and provide cloud encryption, nothing about how the cloud is deployed or configured should give an attacker an advantage. The only thing that should allow a user access to the data in the cloud should be having access to the keys; that, by Kerckhoffs’ principle, is a secure cloud.
To simplify the matter further, this means that when we look at cloud encryption and security strategies, we must talk about good, fundamental key management strategies. For your cloud security strategy to pass the litmus test of Kerckhoffs’ principle, key management must be a fundamental technical control for restricting access to the data. This is the same strategy that we use when we park our cars, leave our houses, close our offices, close our desks, log out of our computers or carry out a myriad of other activities on a daily basis. We keep our keys with us, even though our “stuff” is somewhere else.
Keepers of the Keys
We all know clouds come in many forms, including these, among others:
- Infrastructure-as-a-service (IaaS)
- Platform-as-a-service (PaaS)
- Software-as-a-service (SaaS)
Presumably, some or all of your cloud is not under your control, but your keys should be. A perpetrator may be a cloud administrator, hacker or mischievous user. These different threats, and these different forms of the cloud, require different approaches to data protection, but the underlying principle is that the data in the cloud must, at a minimum, be encrypted. Moreover, the keys that are used for encrypting the data must be properly managed.
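The arrangement described above, where the provider stores only encrypted data and the customer keeps the key, sketched as client-side envelope encryption in Node.js. This is an added example, not code from the original article; the function names, the choice of AES-256-GCM, the `rotate` helper (which goes slightly beyond the text) and the sample record are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM, returned as nonce || tag || ciphertext. The algorithm is public.
function seal(key, plaintext) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Reverses seal(); throws if the key is wrong or the bytes were modified.
function open(key, sealed) {
  if (sealed.length < 28) throw new Error('sealed data too short');
  const d = crypto.createDecipheriv('aes-256-gcm', key, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// Customer side: a fresh data key (DEK) per object, wrapped by the key-encryption
// key (KEK). The KEK never appears in what is sent to the provider.
function upload(kek, data) {
  const dek = crypto.randomBytes(32);
  return { alg: 'AES-256-GCM', wrappedDek: seal(kek, dek), ciphertext: seal(dek, data) };
}

// Customer side: unwrap the DEK with the KEK, then decrypt the object.
function download(kek, obj) {
  return open(open(kek, obj.wrappedDek), obj.ciphertext);
}

// Changing the KEK re-wraps the small DEK only; the bulk ciphertext is untouched.
function rotate(oldKek, newKek, obj) {
  return { ...obj, wrappedDek: seal(newKek, open(oldKek, obj.wrappedDek)) };
}

// Constructed sample: `stored` is everything a cloud administrator would hold.
function demo() {
  const kek = crypto.randomBytes(32);          // stays with the customer
  const stored = upload(kek, Buffer.from('payroll record (constructed sample)'));
  const otherKey = crypto.randomBytes(32);     // any key that is not the KEK
  let readableWithoutKek = true;
  try { download(otherKey, stored); } catch { readableWithoutKek = false; }
  return { roundTrip: download(kek, stored).toString(), readableWithoutKek };
}
```

Everything in the stored object, including the algorithm name and the wrapped data key, can be known to the provider; only possession of the KEK turns it back into plaintext.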
Kerckhoffs’ principle is a nonnegotiable requirement if we are going to deploy any solution that serves cryptography for business as part of a secure cloud solution. Some secure data solutions can require millions of encryption keys; others generate and deploy over 250,000 encryption keys per year just to maintain alignment with enterprise policy and procedure. For a secure cloud solution to be considered by organizations with these kinds of requirements, its key management strategy must be able to manage keys at this scale.
Whether we are talking about little clouds or big clouds, private clouds or public clouds, when we wonder whether the cloud can be secure, we can look to history and see that, according to Kerckhoffs, the answer is yes, the cloud can be secure. We just need good key management.